Sunday, March 30, 2014

cdma2000 CSA radio test measurements

When recording the test results from CSA radio test measurements, whether the transmission technology is GSM, CDMA, WCDMA and/or LTE, it is perhaps a common thought that the data can be output and presented in a uniform format irrespective of the transmission technology. That would be all well and good if there were an agreement for CSA setting out the only components that need to be provided. However, there is no formal forensic best practice, evidential regulation or legislative directive that prescribes this. The lack of agreement isn't such a problem and is probably a good thing, because the components acquired for CSA are constantly evolving and changing. For anyone conducting CSA, this creates the requirement to constantly and continuously identify:

a0 - The relevant transmission technology(ies) under investigation (MS may use several cellular technologies)

a1 - The relevant transmission capability of the mobile terminal and the profiling of any (U)SIM/R-UIM

a2 - The relevant technical capability of BSS/BTS and arrangements defined at a particular mast/tower

a3 - The relevance of any legacy technology/influences operating at the material time

a4 - How the above impacts on the information that is recorded in the call records/cell site details

Where cdma2000 1x, cdma2000 1x EV-DO or cdma2000 1x EV-DV might be in use, cross-referencing the radio test measurement results to corroborate the information recorded in the call records might not always be possible. Moreover, depending upon how information is disseminated, when a law enforcement officer, private investigator or court/attorney makes enquiries for information, the person to whom those enquiries are made may have no clue what information is available, or may have only a limited understanding.

For those conducting cell site analysis, the identification of cell coverage and each cell's parameters detected at a particular point within a surveyed land-parcel is an important procedure. Commonly, a person conducting CSA within a cdma2000 radio demesne might seek the network operator identity, radio area network identity, base station identity and cell/sector. There are various cdma standards, but for the purposes of this discussion the preferred combination of detail is SID/NID/base_id/Ref_PN. The reference cdma2000 standard I have adopted for this discussion is:

3GPP2 C.S0022-A v1.0 Date: March 2004
Position Determination Service for cdma2000 Spread Spectrum Systems

Provide Pilot Phase Measurement Page 2-55
2.2.4.2.6 Provide Pilot Phase Measurement (‘0101’)
If RESP_TYPE is equal to ‘0101’ (Provide Pilot Phase Measurement), RESP_PAR_RECORD shall include the following variable-length record:

Table Page 2-56




This standard defines how an MS captures and compiles the SID/NID/base_id/Ref_PN along with other details, but it does not specify how this information may be translated so that a CSA examiner can illustrate the uniqueness of a particular cell/sector. It is known that an important component of CSA is that the examiner endeavours to report the cell and sector upon which MS mobile communications may be, or may have been, routed from a particular location within a land-parcel.

Balancing the issues of the material time technology vis-a-vis legacy technology, a useful starting point appears to be June 2004, when the CDMA mobile industry focus groups discussed and reached a consensus that the inclusion of SID/NID/base_id/Ref_PN would provide the broadcast parameters for identifying a unique cell/sector. That is in relation to Position Determination Services. From my research library of historical reports and papers I note:

Terry Jacobson (Lucent Technologies) comments in X.P0024 (June 8th 2004) ".....this contribution recommends that the Pilot PN information be used (in addition to the SID, NID and BASE_ID) to uniquely identify a cell/sector. Specifically, that the REF_PN parameter be added (see C.S0022-A v1.0 page 2-53) to the SID, NID and BASE_ID as the parameters that identify the serving cell/sector. The REF_PN is a 9-bit information element indicates the “PN sequence offset of the pilot used by the mobile station to derive its time reference, relative to the zero offset pilot PN sequence in units of 64 PN chips”." 

Ref-PN as stated in 3GPP2 C.S0022-A v1.0 Date: March 2004



So at what point would an MS communicate the measurements to the network? The standard sets out:

 
CSA examiners should read the relevant paragraphs of 3.2.2, as they remind examiners of issues associated with 'not supported' in legacy technology. Moreover, take care when considering what information is being measured in Idle Mode, Mobile Originated Call (send call) and Mobile Terminated Call (received call).

Subject to the collection of location components identified in this discussion actually being supported by the various technologies highlighted above, it is clear that it is possible for an MS to collate the measurement results in order to send those measurements to the network. This suggests the test handset used for any radio test measurements should be able to display the combination of SID/NID/base_id/Ref_PN, which should assist the examiner to identify a unique cell/sector of a particular mast/tower.
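As an added illustration (not part of the original post and not taken from 3GPP2), the Python sketch below indexes survey readings by the SID/NID/base_id/Ref_PN combination and checks a call-record cell against them, setting aside readings where Ref_PN is absent or outside its 9-bit range. All readings and function names are constructed for the example; only the 9-bit width of REF_PN and its units of 64 PN chips come from the text quoted above.

```python
from collections import defaultdict

REF_PN_BITS = 9       # REF_PN is a 9-bit information element (quoted text above)
CHIPS_PER_UNIT = 64   # REF_PN is expressed in units of 64 PN chips

# Constructed survey log: (survey point, SID, NID, BASE_ID, REF_PN or None)
SURVEY = [
    ("P1", 4100, 12, 2301, 120),
    ("P1", 4100, 12, 2301, 288),
    ("P2", 4100, 12, 2301, 288),
    ("P2", 4100, 12, 2417, 36),
    ("P3", 4100, 12, 2417, None),  # handset did not report REF_PN
    ("P3", 4100, 12, 2301, 600),   # does not fit in 9 bits: recording error
]

def cell_key(sid, nid, base_id, ref_pn):
    """Build the four-part identifier, refusing incomplete or invalid REF_PN."""
    if ref_pn is None:
        raise ValueError("REF_PN not reported")
    if not 0 <= ref_pn < 2 ** REF_PN_BITS:
        raise ValueError(f"REF_PN {ref_pn} outside 9-bit range")
    return (sid, nid, base_id, ref_pn)

def pn_offset_chips(ref_pn):
    """Convert REF_PN to a pilot PN offset in chips."""
    return ref_pn * CHIPS_PER_UNIT

def index_survey(rows):
    """Map each valid identifier to the survey points where it was detected."""
    seen, rejected = defaultdict(set), []
    for point, sid, nid, base_id, ref_pn in rows:
        try:
            seen[cell_key(sid, nid, base_id, ref_pn)].add(point)
        except ValueError as exc:
            rejected.append((point, base_id, str(exc)))
    return seen, rejected

def corroborate(seen, sid, nid, base_id, ref_pn=None):
    """Return surveyed identifiers matching a call-record cell.

    If the call record carries no REF_PN, match on SID/NID/BASE_ID only and
    return every candidate so the examiner can see whether it is unique.
    """
    return {key: sorted(points) for key, points in seen.items()
            if key[:3] == (sid, nid, base_id)
            and (ref_pn is None or key[3] == ref_pn)}

if __name__ == "__main__":
    seen, rejected = index_survey(SURVEY)
    print(corroborate(seen, 4100, 12, 2301, 288), pn_offset_chips(288))
    print(corroborate(seen, 4100, 12, 2301))
    print(rejected)
```
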

The above discussion is not definitive and does not cover every aspect of cdma2000 cell site analysis. The discussion highlights one area of knowledge that may be helpful to a possible investigation by a CSA examiner.
